| Title | TRENDnet TEW-824DRU 1.04b01 Command injection |
|---|
| Description | There is a command injection vulnerability in the TEW-824DRU router with firmware version 1.04b01. If an attacker gains web management privileges, they can inject commands into the post request parameters system.ntp.server in the apply.cgi interface, thereby gaining shell privileges. If a user has already logged in and still has a session, then an attacker can execute remote code execution (RCE) directly without needing to log in. |
|---|
| Source | ⚠️ https://warp-desk-89d.notion.site/TEW-824DRU-e7228d462ce24fa1a9fecb0bee57caad?pvs=4 |
|---|
| User | Sonicrr (UID 61527) |
|---|
| Submission | 01/16/2024 09:05 (2 years ago) |
|---|
| Moderation | 01/26/2024 09:10 (10 days later) |
|---|
| Status | Duplicate |
|---|
| VulDB entry | 252125 [TRENDnet TEW-824DRU 1.04b01 sub_420AE0 command injection] |
|---|
| Points | 0 |
|---|